[Samba] permissions weirdness
L.P.H. van Belle
belle at bazuin.nl
Fri Mar 25 08:35:32 UTC 2022
Set initial POSIX perms
setfacl --recursive --remove-all folder
chown -R root:"AD\Domain Admins" folder
chmod -R 2775 folder
Folder 2775 root:"AD\Domain Admins" , everone has access only because the last 5.
folder/IT 2770 root:"AD\IT", , "AD\Domain Admins" inherits, you Add "Domain Users" RW and "AD\IT" RWX
folder/IT and add "Creator Group" full control
(* assuming AD\IT is a group)
Where "AD\Domain Admins" is the manager of the folders..
"AD\IT" is the security group to controle acces in/out. *( all except full control )
"Domain Users" is used and gets the rights on files *( primary group is domain users) *( all except full control )
Full control is only needed if you want these user to have the ability to change the rights.
And, i suggest, remove acl_xattr:ignore system acls = yes in the Global and share first.
Then try above, not your expected result, the add it back on the share only.
Then check/set rights again..
More information about the samba